Hello,

The two mail gateway servers (MX 10 mailgw1.noa.gr and MX 20 mailgw3.noa.gr) of our org (noa.gr), running Rocky 8 and Postfix 3.9.1, are working fine (for a long time - thanks Wietse), but we are having issues with fortimailcloud servers.
These servers seem to be trying to connect but disconnect without any other action.
Users (recipients in our domain) are reporting that they are not getting mail from users at dias.com.gr domain.
Senders on domain dias.com.gr are reporting that their mails are not getting delivered to users on our domain (noa.gr), but we have not logged any failed delivery attempts (except for the connect/disconnects I mentioned).
We have noticed that mail connections come from 154.52.2.0/24 and advertise DNS name: smtpfra7.fortimailcloud.com
Successful deliveries are occurring rarely; we mostly log connect/disconnects.
As an example:

Logs of failed connections on mailgw1.noa.gr (MX 10) (indicative, there are high numbers of those):
...
Jan 14 10:37:12 mailgw1 postfix/smtpd[1125361]: warning: hostname smtpfra7.fortimailcloud.com does not resolve to address 154.52.2.249: Name or service not known
Jan 14 10:37:12 mailgw1 postfix/smtpd[1125361]: connect from unknown[154.52.2.249]
Jan 14 10:37:12 mailgw1 postfix/smtpd[1125361]: lost connection after CONNECT from unknown[154.52.2.249]
Jan 14 10:37:12 mailgw1 postfix/smtpd[1125361]: disconnect from unknown[154.52.2.249] commands=0/0
...
Jan 14 10:49:00 mailgw1 postfix/smtpd[1125361]: warning: hostname smtpfra7.fortimailcloud.com does not resolve to address 154.52.2.157: Name or service not known
Jan 14 10:49:00 mailgw1 postfix/smtpd[1125361]: connect from unknown[154.52.2.157]
Jan 14 10:49:00 mailgw1 postfix/smtpd[1125361]: lost connection after CONNECT from unknown[154.52.2.157]
Jan 14 10:49:00 mailgw1 postfix/smtpd[1125361]: disconnect from unknown[154.52.2.157] commands=0/0
...

Logs from mailgw3.noa.gr (MX 20):

A successful attempt:
Jan 14 10:39:40 mailgw3 postfix/smtpd[266206]: warning: hostname smtpfra7.fortimailcloud.com does not resolve to address 154.52.2.152: Name or service not known
Jan 14 10:39:40 mailgw3 postfix/smtpd[266206]: connect from unknown[154.52.2.152]
Jan 14 10:39:41 mailgw3 postfix/smtpd[266206]: Anonymous TLS connection established from unknown[154.52.2.152]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
Jan 14 10:39:44 mailgw3 postfix/smtpd[266206]: 4YXMxr2qbvz4wwX: client=unknown[154.52.2.152]
Jan 14 10:39:44 mailgw3 postfix/cleanup[266459]: 4YXMxr2qbvz4wwX: message-id=<512807407.2691.1736772182...@jboss-6-srv.pftp.dias>
Jan 14 10:39:44 mailgw3 postfix/qmgr[260583]: 4YXMxr2qbvz4wwX: from=<prvs=1108b1a806=dias_nore...@dias.com.gr>, size=7561, nrcpt=1 (queue active)
Jan 14 10:39:45 mailgw3 postfix/smtpd[266206]: disconnect from unknown[154.52.2.152] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7

Logs of failed connections (indicative, there are high numbers of those):
Jan 14 10:17:21 mailgw3 postfix/smtpd[265769]: warning: hostname smtpfra7.fortimailcloud.com does not resolve to address 154.52.2.241: Name or service not known
Jan 14 10:17:21 mailgw3 postfix/smtpd[265769]: connect from unknown[154.52.2.241]
Jan 14 10:17:21 mailgw3 postfix/smtpd[265763]: warning: hostname smtpfra7.fortimailcloud.com does not resolve to address 154.52.2.241: Name or service not known
Jan 14 10:17:21 mailgw3 postfix/smtpd[265763]: connect from unknown[154.52.2.241]
Jan 14 10:17:21 mailgw3 postfix/smtpd[265763]: lost connection after CONNECT from unknown[154.52.2.241]
Jan 14 10:17:21 mailgw3 postfix/smtpd[265763]: disconnect from unknown[154.52.2.241] commands=0/0
Jan 14 10:17:21 mailgw3 postfix/smtpd[265769]: lost connection after CONNECT from unknown[154.52.2.241]
Jan 14 10:17:21 mailgw3 postfix/smtpd[265769]: disconnect from unknown[154.52.2.241] commands=0/0
...
Jan 14 10:26:38 mailgw3 postfix/smtpd[265763]: warning: hostname smtpfra7.fortimailcloud.com does not resolve to address 154.52.2.148: Name or service not known
Jan 14 10:26:38 mailgw3 postfix/smtpd[265763]: connect from unknown[154.52.2.148]
Jan 14 10:26:38 mailgw3 postfix/smtpd[265763]: lost connection after CONNECT from unknown[154.52.2.148]
Jan 14 10:26:38 mailgw3 postfix/smtpd[265763]: disconnect from unknown[154.52.2.148] commands=0/0
...

Here follow FULL log excerpts (involving ALL connections from 154.52.2.0/24) from both gateway servers for the same 90min period (20250129 09:45 - 11:15).
(Such logging is typical every day and continuous as of today.)

All other servers would simply connect to mailgw1 and deliver successfully. But here is what happens with those fortimailcloud servers:
----------------------------------------------------------------------------------------------------
On mailgw1:
Jan 29 09:50:15 mailgw1 postfix/postscreen[1870212]: CONNECT from [154.52.2.156]:54589 to [83.212.5.27]:25
Jan 29 09:50:21 mailgw1 postfix/postscreen[1870212]: PASS OLD [154.52.2.156]:54589
...
Jan 29 09:56:54 mailgw1 postfix/smtpd[1914395]: warning: hostname smtpfra7.fortimailcloud.com does not resolve to address 154.52.2.156: Name or service not known
Jan 29 09:56:54 mailgw1 postfix/smtpd[1914395]: connect from unknown[154.52.2.156]
Jan 29 09:56:54 mailgw1 postfix/smtpd[1914395]: lost connection after CONNECT from unknown[154.52.2.156]
Jan 29 09:56:54 mailgw1 postfix/smtpd[1914395]: disconnect from unknown[154.52.2.156] commands=0/0
...
Jan 29 09:57:00 mailgw1 postfix/postscreen[1870212]: CONNECT from [154.52.2.158]:37321 to [83.212.5.27]:25
Jan 29 09:57:06 mailgw1 postfix/postscreen[1870212]: PASS OLD [154.52.2.158]:37321
...
Jan 29 10:03:40 mailgw1 postfix/smtpd[1915107]: warning: hostname smtpfra7.fortimailcloud.com does not resolve to address 154.52.2.158: Name or service not known
Jan 29 10:03:40 mailgw1 postfix/smtpd[1915107]: connect from unknown[154.52.2.158]
Jan 29 10:03:40 mailgw1 postfix/smtpd[1915107]: lost connection after CONNECT from unknown[154.52.2.158]
Jan 29 10:03:40 mailgw1 postfix/smtpd[1915107]: disconnect from unknown[154.52.2.158] commands=0/0
...
Jan 29 10:17:24 mailgw1 postfix/postscreen[1870212]: CONNECT from [154.52.2.155]:45889 to [83.212.5.27]:25
Jan 29 10:17:24 mailgw1 postfix/postscreen[1870212]: PASS OLD [154.52.2.155]:45889
...
Jan 29 10:23:56 mailgw1 postfix/smtpd[1915153]: warning: hostname smtpfra7.fortimailcloud.com does not resolve to address 154.52.2.155: Name or service not known
Jan 29 10:23:56 mailgw1 postfix/smtpd[1915153]: connect from unknown[154.52.2.155]
Jan 29 10:23:56 mailgw1 postfix/smtpd[1915153]: lost connection after CONNECT from unknown[154.52.2.155]
Jan 29 10:23:56 mailgw1 postfix/smtpd[1915153]: disconnect from unknown[154.52.2.155] commands=0/0
...
Jan 29 10:37:27 mailgw1 postfix/postscreen[1870212]: CONNECT from [154.52.2.249]:57815 to [83.212.5.27]:25
Jan 29 10:37:33 mailgw1 postfix/postscreen[1870212]: PASS OLD [154.52.2.249]:57815
...
Jan 29 10:44:04 mailgw1 postfix/smtpd[1915658]: warning: hostname smtpfra7.fortimailcloud.com does not resolve to address 154.52.2.249: Name or service not known
Jan 29 10:44:04 mailgw1 postfix/smtpd[1915658]: connect from unknown[154.52.2.249]
Jan 29 10:44:04 mailgw1 postfix/smtpd[1915658]: lost connection after CONNECT from unknown[154.52.2.249]
Jan 29 10:44:04 mailgw1 postfix/smtpd[1915658]: disconnect from unknown[154.52.2.249] commands=0/0
...
Jan 29 10:57:27 mailgw1 postfix/postscreen[1870212]: CONNECT from [154.52.2.240]:52607 to [83.212.5.27]:25
Jan 29 10:57:28 mailgw1 postfix/postscreen[1870212]: PASS OLD [154.52.2.240]:52607
...
Jan 29 11:04:00 mailgw1 postfix/smtpd[1915935]: warning: hostname smtpfra7.fortimailcloud.com does not resolve to address 154.52.2.240: Name or service not known
Jan 29 11:04:00 mailgw1 postfix/smtpd[1915935]: connect from unknown[154.52.2.240]
Jan 29 11:04:00 mailgw1 postfix/smtpd[1915935]: lost connection after CONNECT from unknown[154.52.2.240]
Jan 29 11:04:00 mailgw1 postfix/smtpd[1915935]: disconnect from unknown[154.52.2.240] commands=0/0
...
Jan 29 11:08:14 mailgw1 postfix/postscreen[1870212]: CONNECT from [154.52.2.153]:48439 to [83.212.5.27]:25
Jan 29 11:08:20 mailgw1 postfix/postscreen[1870212]: PASS OLD [154.52.2.153]:48439
...
Jan 29 11:14:52 mailgw1 postfix/smtpd[1915998]: warning: hostname smtpfra7.fortimailcloud.com does not resolve to address 154.52.2.153: Name or service not known
Jan 29 11:14:52 mailgw1 postfix/smtpd[1915998]: connect from unknown[154.52.2.153]
Jan 29 11:14:52 mailgw1 postfix/smtpd[1915998]: lost connection after CONNECT from unknown[154.52.2.153]
Jan 29 11:14:52 mailgw1 postfix/smtpd[1915998]: disconnect from unknown[154.52.2.153] commands=0/0
----------------------------------------------------------------------------------------------------
and on mailgw3:
Jan 29 09:52:45 mailgw3 postfix/postscreen[763453]: CONNECT from [154.52.2.242]:33651 to [62.217.124.2]:25
Jan 29 09:52:51 mailgw3 postfix/postscreen[763453]: PASS OLD [154.52.2.242]:33651
...
Jan 29 09:59:23 mailgw3 postfix/smtpd[763484]: lost connection after CONNECT from unknown[154.52.2.242]
Jan 29 09:59:23 mailgw3 postfix/smtpd[763484]: disconnect from unknown[154.52.2.242] commands=0/0
Jan 29 09:59:30 mailgw3 postfix/postscreen[763453]: CONNECT from [154.52.2.154]:34571 to [62.217.124.2]:25
Jan 29 09:59:36 mailgw3 postfix/postscreen[763453]: PASS OLD [154.52.2.154]:34571
...
Jan 29 10:06:08 mailgw3 postfix/smtpd[763500]: warning: hostname smtpfra7.fortimailcloud.com does not resolve to address 154.52.2.154: Name or service not known
Jan 29 10:06:08 mailgw3 postfix/smtpd[763500]: connect from unknown[154.52.2.154]
Jan 29 10:06:08 mailgw3 postfix/smtpd[763500]: lost connection after CONNECT from unknown[154.52.2.154]
Jan 29 10:06:08 mailgw3 postfix/smtpd[763500]: disconnect from unknown[154.52.2.154] commands=0/0
...
Jan 29 10:19:54 mailgw3 postfix/postscreen[763970]: CONNECT from [154.52.2.155]:59347 to [62.217.124.2]:25
Jan 29 10:19:54 mailgw3 postfix/postscreen[763970]: PASS OLD [154.52.2.155]:59347
...
Jan 29 10:26:29 mailgw3 postfix/smtpd[763984]: warning: hostname smtpfra7.fortimailcloud.com does not resolve to address 154.52.2.155: Name or service not known
Jan 29 10:26:29 mailgw3 postfix/smtpd[763984]: connect from unknown[154.52.2.155]
Jan 29 10:26:29 mailgw3 postfix/smtpd[763984]: lost connection after CONNECT from unknown[154.52.2.155]
Jan 29 10:26:29 mailgw3 postfix/smtpd[763984]: disconnect from unknown[154.52.2.155] commands=0/0
...
Jan 29 10:39:57 mailgw3 postfix/postscreen[764252]: CONNECT from [154.52.2.248]:28171 to [62.217.124.2]:25
Jan 29 10:40:03 mailgw3 postfix/postscreen[764252]: PASS OLD [154.52.2.248]:28171
...
Jan 29 10:47:43 mailgw3 postfix/smtpd[764267]: warning: hostname smtpfra7.fortimailcloud.com does not resolve to address 154.52.2.248: Name or service not known
Jan 29 10:47:43 mailgw3 postfix/smtpd[764267]: connect from unknown[154.52.2.248]
Jan 29 10:47:43 mailgw3 postfix/smtpd[764267]: lost connection after CONNECT from unknown[154.52.2.248]
Jan 29 10:47:43 mailgw3 postfix/smtpd[764267]: disconnect from unknown[154.52.2.248] commands=0/0
...
Jan 29 10:59:58 mailgw3 postfix/postscreen[764331]: CONNECT from [154.52.2.154]:42581 to [62.217.124.2]:25
Jan 29 10:59:58 mailgw3 postfix/postscreen[764331]: PASS OLD [154.52.2.154]:42581
...
Jan 29 11:06:29 mailgw3 postfix/smtpd[764344]: warning: hostname smtpfra7.fortimailcloud.com does not resolve to address 154.52.2.154: Name or service not known
Jan 29 11:06:29 mailgw3 postfix/smtpd[764344]: connect from unknown[154.52.2.154]
Jan 29 11:06:29 mailgw3 postfix/smtpd[764344]: lost connection after CONNECT from unknown[154.52.2.154]
Jan 29 11:06:29 mailgw3 postfix/smtpd[764344]: disconnect from unknown[154.52.2.154] commands=0/0
...
Jan 29 11:10:44 mailgw3 postfix/postscreen[764331]: CONNECT from [154.52.2.141]:49197 to [62.217.124.2]:25
Jan 29 11:10:50 mailgw3 postfix/postscreen[764331]: PASS OLD [154.52.2.141]:49197
----------------------------------------------------------------------------------------------------

We have opened a ticket with this service provider and a troubleshooting session is to be scheduled.
Can anyone please provide any feedback regarding this behavior?
Has this behavior been observed by any of you with fortimailcloud servers or other servers?
Are there any hints as to what may be the cause and the solution? Please advise.

Below are "postconf -n" and master.cf (from mailgw1; mailgw3 is identical):

=============================================================================================================
[root@mailgw1 postfix]# postconf -n
allowed_list1 = reject
allowed_list2 = reject
command_directory = /usr/sbin
compatibility_level = 3.6
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
default_process_limit = 100
disable_vrfy_command = yes
enable_long_queue_ids = yes
header_checks = pcre:/etc/postfix/blacklisted_maillists
html_directory = no
inet_interfaces = all
inet_protocols = ipv4, ipv6
local_recipient_maps =
local_transport = error:local mail delivery is disabled
mail_name = NOA MAIL ICXC-NIKA
mail_owner = postfix
maillog_file = /var/log/postfix.log
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 26214400
meta_directory = /etc/postfix
mydestination =
mynetworks = 127.0.0.1/32 [::1]/128
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_exceptions.cidr
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[0..255]*3 b.barracudacentral.org=127.0.0.2*2 bl.spameatingmonkey.net=127.0.0.[2..3]*2 bl.spamcop.net=127.0.0.2 dnsbl.sorbs.net=127.0.0.[0..255] psbl.surriel.com bl.mailspike.net list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].[2..3]*-4
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_whitelist_threshold = -1
postscreen_greet_action = enforce
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix3-3.9.1/README_FILES
relay_domains = $transport_maps
relay_recipient_maps =
sample_directory = /usr/share/doc/postfix3-3.9.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib/postfix
smtp_tls_protocols = >=TLSv1
smtp_tls_security_level = may
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/blacklisted_clients check_client_access hash:/etc/postfix/amavis_bypass_clients check_sender_access hash:/etc/postfix/amavis_bypass_senders check_sender_access hash:/etc/postfix/blacklisted_senders check_sender_access pcre:/etc/postfix/blacklisted_maillists reject_unverified_recipient reject_unauth_destination check_recipient_access hash:/etc/postfix/protected_destinations permit_mynetworks reject_invalid_hostname reject_unauth_pipelining reject_non_fqdn_sender reject_unknown_sender_domain reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unknown_reverse_client_hostname reject_rhsbl_client dbl.spamhaus.org reject_rhsbl_sender dbl.spamhaus.org reject_rhsbl_helo dbl.spamhaus.org permit
smtpd_restriction_classes = allowed_list1,allowed_list2
smtpd_tls_CAfile = /etc/pki/tls/certs/GeantChain.crt
smtpd_tls_cert_file = /etc/pki/tls/certs/star_noa_gr_cert-2312454242.crt
smtpd_tls_exclude_ciphers = DES,3DES,MD5,aNULL,AES128,CAMELLIA128
smtpd_tls_key_file = /etc/pki/tls/private/star_noa_gr-1243437.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_protocols = >=TLSv1
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
smtputf8_enable = no
transport_maps = hash:/etc/postfix/transportmap
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtualmap
postconf: warning: /etc/postfix/master.cf: support for parameter "disable_dns_lookups" will be removed; instead, specify "smtp_dns_support_level"
=============================================================================================================
master.cf:
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
#smtp      inet  n       -       n       -       -       smtpd -v
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy
#submission inet n       -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps     inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628       inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
  -o smtp_fallback_relay=
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
retry     unix  -       -       n       -       -       error
proxywrite unix -       -       n       -       1       proxymap
postlog   unix-dgram n  -       n       -       1       postlogd
smtp-amavis unix -       -       n       -       2       lmtp
#  -o smtp_data_done_timeout=1200
#  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n   -       n       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
=============================================================================================================

Thanks in advance for your valuable feedback.

Cheers,
Nick
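
Added example, not part of the original post: a small Python correlator that pairs each postscreen PASS with the smtpd session that follows for the same client, then reports the hand-off delay and the number of SMTP commands the client sent. The year, the 60-second threshold and the 192.0.2.10 / mail.example.org client are assumptions; the other sample lines are copied from the mailgw1 excerpt above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# First two clients: lines copied from the mailgw1 excerpt in the post.
# 192.0.2.10 / mail.example.org: constructed healthy client, for contrast only.
SAMPLE_LOG = """\
Jan 29 09:50:21 mailgw1 postfix/postscreen[1870212]: PASS OLD [154.52.2.156]:54589
Jan 29 09:56:54 mailgw1 postfix/smtpd[1914395]: connect from unknown[154.52.2.156]
Jan 29 09:56:54 mailgw1 postfix/smtpd[1914395]: lost connection after CONNECT from unknown[154.52.2.156]
Jan 29 09:56:54 mailgw1 postfix/smtpd[1914395]: disconnect from unknown[154.52.2.156] commands=0/0
Jan 29 10:17:24 mailgw1 postfix/postscreen[1870212]: PASS OLD [154.52.2.155]:45889
Jan 29 10:23:56 mailgw1 postfix/smtpd[1915153]: connect from unknown[154.52.2.155]
Jan 29 10:23:56 mailgw1 postfix/smtpd[1915153]: lost connection after CONNECT from unknown[154.52.2.155]
Jan 29 10:23:56 mailgw1 postfix/smtpd[1915153]: disconnect from unknown[154.52.2.155] commands=0/0
Jan 29 10:30:00 mailgw1 postfix/postscreen[1870212]: PASS OLD [192.0.2.10]:40000
Jan 29 10:30:01 mailgw1 postfix/smtpd[1915200]: connect from mail.example.org[192.0.2.10]
Jan 29 10:30:03 mailgw1 postfix/smtpd[1915200]: disconnect from mail.example.org[192.0.2.10] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ postfix/(\w+)\[(\d+)\]: (.*)$")
PASS = re.compile(r"^PASS (?:OLD|NEW) \[([^\]]+)\]:\d+")
CONNECT = re.compile(r"^connect from \S*\[([^\]]+)\]")
DISCONNECT = re.compile(r"^disconnect from \S*\[([^\]]+)\].*\bcommands=(?:\d+/)?(\d+)")

def correlate(log_text, year=2025):
    """Return one record per smtpd session: client IP, seconds between
    postscreen PASS and smtpd connect, and total SMTP commands seen."""
    passed = defaultdict(deque)   # ip -> timestamps of postscreen PASS events
    open_sessions = {}            # (smtpd pid, ip) -> session record
    sessions = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # syslog timestamps carry no year; one is supplied for parsing (assumption)
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        daemon, pid, msg = m[2], m[3], m[4]
        if daemon == "postscreen" and (p := PASS.match(msg)):
            passed[p[1]].append(ts)
        elif daemon == "smtpd" and (c := CONNECT.match(msg)):
            ip = c[1]
            delay = (ts - passed[ip].popleft()).total_seconds() if passed[ip] else None
            rec = {"ip": ip, "handoff_delay_s": delay, "commands": None}
            open_sessions[(pid, ip)] = rec
            sessions.append(rec)
        elif daemon == "smtpd" and (d := DISCONNECT.match(msg)):
            rec = open_sessions.pop((pid, d[1]), None)
            if rec is not None:
                rec["commands"] = int(d[2])
    return sessions

def silent_sessions(sessions, max_delay_s=60):
    """Sessions with zero SMTP commands whose smtpd hand-off took longer than max_delay_s."""
    return [s for s in sessions
            if s["commands"] == 0 and (s["handoff_delay_s"] or 0) > max_delay_s]

if __name__ == "__main__":
    for s in correlate(SAMPLE_LOG):
        print(s)
```

On the lines taken from the post, the two fortimailcloud clients show 393 s and 392 s between postscreen PASS and smtpd connect, followed by zero commands.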